[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: unknown CA



Hallo Howard,

Do you mind if I will fix it? And look, I believe there is something wrong with

openldap 2.1.2, openssl 1.9.6d 

if build together on solaris 2.6 with forte 6 update 1. I was struggling few hours with those fancy error messages I've described before, but could not find anything besides of the fact that s_client and s_server do work well with the same certificates. Thus, I will have to investigate this problem. I will inform you regardless to if I will have success or not.

Cheers, Vadim Tarassov.

-----Ursprüngliche Nachricht-----
Von: Howard Chu [mailto:hyc@highlandsun.com]
Gesendet am: Freitag, 14. Juni 2002 04:29
An: Tarassov Vadim; OpenLDAP-software@OpenLDAP.org
Betreff: RE: unknown CA

The code to support TLSCACertificatePath has not been written. This option
hasn't worked for a long time.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tarassov Vadim
> Sent: Thursday, June 13, 2002 9:33 AM
> To: 'OpenLDAP-software@OpenLDAP.org'
> Subject: unknown CA
> 
> 
> Hallo again,
> 
> in addition to the problem I described before I noticed another 
> strange thing:
> 
> If I specify 
> 
> TLSCACertificateFile /usr/local/openldap/etc/certs/CA/CA_pubkey.pem
> 
> ldap starts
> 
> but if I specify 
> 
> TLSCACertificatePath /usr/local/openldap/etc/certs/CA/
> 
> ldap does not want to start writing following:
> 
> TLS: could not load client CA list 
> (file:`',dir:`/usr/local/openldap/etc/certs/CA/').
> 
> although in man you can find
> 
> TLSCACertificateFile <filename>
>           Specifies the file that contains certificates  for  all
>           of   the   Certificate   Authorities  that  slapd  will
>           recognize.
> 
> TLSCACertificatePath <path>
>           Specifies  the  path  of  a  directory  that   contains
>           Certificate    Authority   certificates   in   separate
>           individual files. Usually  only  one  of  this  or  the
>           TLSCACertificateFile is used.
> 
> Do you know what am I doing wrong?
> 
> Regards, Vadim Tarassov.
> 
> 	-----------------------------------------------------------
> 	Vadim Tarassov
> 	e-Platform Solution Center
> 	mailto:vadim.tarassov@winterthur.ch
> 	Phone +41 52 261 73 22, Fax +41 52 261 46 40
> 	Mobile +41 076 380 51 26
> 	-----------------------------------------------------------
> 	Winterthur Insurance
> 	Paulstrasse 12
> 	CH-8401 Winterthur
> 	http://www.winterthur.com/ch
> 	-----------------------------------------------------------
>